SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: does iSCSI support CHAP challenges at random intervals?




    No - reauthentication was not considered.  Julo


    "Dean Scoville" <dean.scoville@qlogic.com>
    Sent by: owner-ips@ece.cmu.edu

    28/08/02 19:56

           
            To:        <ips@ece.cmu.edu>
            cc:        
            Subject:        does iSCSI support CHAP challenges at random intervals?

           


    The CHAP RFC (RFC 1994) allows the authenticator to send a new challenge to the peer at random intervals. I don't see any mention of this in the IPS Security document or the iSCSI Draft. In the iSCSI Draft, the CHAP keys are discussed in section 10 with regard to the Security Stage of Login, but are not mentioned in full feature phase.  As far as iSCSI is concerned, is CHAP authentication a one-time occurance during login, or are new challenges also allowed/expected at random intervals during the life of the connection? If re-authentication is allowed, then an example would be helpful in the text (target initiates authentication via async msg requesting parameter negotiation, then issues CHAP_I CHAP_C challenge in response to empty text request pdu; or initiator initiates authentication via text request containing CHAP_A key, etc...). If it is not allowed, perhaps we should explicitly state this in the iSCSI draft and/or IPS Security ! document, since it is a difference betwee!
    n iSCSI usage of CHAP and that allowed by the RFC.
    thanks,
    Dean Scoville
    QLogic




Home

Last updated: Thu Aug 29 02:19:02 2002
11710 messages in chronological order